A roUrlTransfer object transfers data to or from remote servers specified by URLs. It can perform mutual authentication with a web server.

Supported Interfaces

Events Supported


This object is created with no parameters:

  • CreateObject("roUrlTransfer")

If using HTTPS, the developer must specify a certificate file by calling SetCertificatesFile() with a .pem file that includes the certificate authority cert (like Verisign, Thawte, etc., or your own with OpenSSL) that signed the web server certificate. This must be called before making a request. The developer can also use the Roku standard cert bundle (which contains certificates for most common signing authorities) stored in common:/certs/ca-bundle.crt; or download the CA certificate here

The web server can authenticate that the requested connection is from a Roku Streaming Player and that the request is from your application by taking the following actions:

  1. Add the Roku CA certificate to the web server's certificate authorities keychain, download the CA certificate.  
  2. Configure your web server to reject any connection that does not have a valid client certificate.
  3. Check the X-Roku-Reserved-Dev-Id header in the request. It should contain the Developer ID of your application. If it does not, another application on the Roku is attempting to access the server, and the request is rejected.

In order for your web server to perform the steps above to authenticate your Roku Streaming Player, your application needs to call the following functions before performing any https requests:

object.AddHeader("X-Roku-Reserved-Dev-Id", "")


ca-bundle.crt (application/x-x509-ca-cert)